CVE-2026-40621 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: May 13, 2026
ELECOM Wireless LAN Access Point - Broken Access Control
Overview
ELECOM wireless LAN access point devices contain a broken access control vulnerability caused by lack of authentication on specific URLs, letting attackers access device functions without authentication, exploit requires no special privileges.
Severity & Score
Impact
Attackers can access device functions without authentication, potentially leading to unauthorized configuration changes or information disclosure.
Mitigation
Update to the latest version or apply vendor recommended patches.
Social Media Activity(2 posts)
š“ CVE-2026-40621 - Critical (9.8) ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. š https://www.thehackerwire.com/vulnerability/CVE-2026-40621/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-40621 - Critical (9.8) ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. š https://www.thehackerwire.com/vulnerability/CVE-2026-40621/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-40621
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- rejected
- EPSS
- 7.5%
- Social Posts
- 2
CWE
- CWE-288
CVSS Metrics
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H